When you join the Cambridge team, you are part of a skilled and talented global community that is united by a set of core values: commitment, integrity, and perseverance. Join our team and help us confront today’s most threatening and complex obstacles Cambridge International Systems, Inc. has a full-time Zero Trust Architect opportunity available based in Kaiserslautern, Germany (Patch Barracks). Qualified candidates for this job must possess a current DoD Secret security clearance and be eligible for DoD Top Secret clearance, NATO Indoctrination, and meet TESA accreditation requirements. TESA Certification allows employees the to be tax exempt for both Germany and US, in addition to other great perks Employees may be eligible for: relocation reimbursement, housing allowance, COLA and school reimbursement for dependents. ROLE RESPONSIBILTIES Zero Trust Architecture Design: Lead the design and implementation of a Zero Trust security architecture for the organization. Develop and implement strategies to ensure the least privilege access, micro-segmentation, and continuous monitoring of network traffic. Collaborate with cross-functional teams to integrate Zero Trust principles into existing and new systems. Identity and Access Management: Implement strong authentication and authorization mechanisms to verify user identities and ensure secure access. Design and implement role-based access controls (RBAC) and implement identity and access management (IAM) solutions. Monitor and audit user access to identify and mitigate potential security risks. Network Security: Implement network segmentation and micro-segmentation strategies to limit lateral movement. Design and deploy secure communication channels, including encryption and VPN solutions. Collaborate with network engineers to ensure secure configuration and monitoring of network devices. Endpoint Security: Design and implement endpoint protection strategies, including device posture assessment and continuous monitoring. Implement application control and device authentication measures. Work with IT teams to ensure security configurations on endpoints align with Zero Trust principles. Security Monitoring and Incident Response: Implement continuous monitoring solutions to detect and respond to security incidents. Develop and document incident response plans for Zero Trust environments. Conduct regular security assessments and penetration testing. REQUIRED QUALIFICATIONS BA/BS 5 years recent specialized or AA/AS 7 years recent specialized or a major cert 9 years recent specialized or 11 years of recent specialized experience DOD 8570 IAT 2 compliance. Proven experience as a Zero Trust Architect or in a similar cybersecurity role. In-depth knowledge of cybersecurity principles, protocols, and best practices. Experience with identity and access management solutions, network security, and endpoint protection. Familiarity with cybersecurity frameworks, compliance standards, and regulations. Strong problem-solving and analytical skills. Relevant certifications such as Certified Information Systems Security Professional (CISSP) or Certified Zero Trust Architect (CZTA) are a plus. Extensive experience supporting Microsoft Azure and Microsoft 365 Experience in systems infrastructure design, support, and administration Experience working with Microsoft Azure and Microsoft 365 in a hybrid environment. Azure AD, storage, and compute including Application Proxy (NDES), Storage Account, Virtual Machines, Virtual Desktop, Backup, Automation, and Functions Azure identity management including SSO (SAML), OAuth, MFA, RBAC, PIM, conditional access, monitoring / alerting, device registration, identity protection, and hybrid identity management / AD connect. Azure networking including ExpressRoute, VNet, Virtual WAN, VPN, NSG, Load Balancer, BGP, routing, and firewall concepts (Palo Alto, etc.) Experience collaborating with technical teams of diverse IT related skill sets. IAT-III Level Certification (CISSP, CASP CISM, etc) Microsoft Certified Azure Administrator Associate or Developer Associate Must be proficient in using different technologies such as computers and other tools and systems pertinent to the position. Must possess an active DoD TS/SCI security clearance. TRAVEL REQUIREMENTS Active Passport. In rare occasions, overnight travel may be required. PHYSICAL ENVIRONMENT AND WORKING CONDITIONS Cambridge International Systems complies with Temporary Duty Station (TDY)/Outside Continental United States (OCONUS) vaccination requirements. If this position requires OCONUS travel (listed above), Vaccine Recommendations by AOR | Health.mil lists applicable current vaccination requirements by location. Office setting: Must be able to work in an office environment, sitting at a desk, looking at a computer for most of the workday. Work is physically comfortable; the employee has discretion about sitting, walking, standing, etc. May be required to travel short distances to offices/conference rooms and buildings on site. BENEFITS AND PERKS Cambridge International Systems is committed to investing in our employees and their future by providing them with competitive compensation, career development opportunities, comfortable working conditions, and a comprehensive benefits package, some of which are listed below: Medical, dental, vision, Life/AD&D/STD/LTD insurance 401(k) matching and immediate vesting Paid time off and holidays Generous tuition & training assistance program Relocation assistance Sign-on bonuses Referral bonuses Performance-based bonuses Community involvement & outreach Wellness program Employee Assistance Program (EAP) Tickets at Work Refer to a friend If you know someone who may be interested, please share this posting. We are a growing team and there may be more opportunities like this one here at Cambridge International Systems MORE ABOUT US At Cambridge, we recognize innovation and agility grow through diverse collaboration. Our team is comprised of unique individuals, and it is our policy to provide equal opportunity in recruiting, hiring, training, and promoting individuals in all job categories without regard to race, color, religion, national origin, gender, age, disability, genetic information, veteran status, sexual orientation, gender identity, or any other protected class or category as may be defined by federal, state, or local laws or regulations. It is our firm intent to support equal employment opportunity and affirmative action in keeping with applicable federal, state, and local laws and regulations. If you are a qualified individual with a disability or a disabled veteran requiring assistance with the application process, please visit https://cbridgeinc.com/accessibility/ for information on how to request assistance. Powered by JazzHR